d-bis/smom-dbis-138
4
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity
Files
main
smom-dbis-138/docs/operations/status-reports/REVIEW_NETWORK_POLICIES.md
defiQUG 1fb7266469 Add Oracle Aggregator and CCIP Integration 
- Introduced Aggregator.sol for Chainlink-compatible oracle functionality, including round-based updates and access control.
- Added OracleWithCCIP.sol to extend Aggregator with CCIP cross-chain messaging capabilities.
- Created .gitmodules to include OpenZeppelin contracts as a submodule.
- Developed a comprehensive deployment guide in NEXT_STEPS_COMPLETE_GUIDE.md for Phase 2 and smart contract deployment.
- Implemented Vite configuration for the orchestration portal, supporting both Vue and React frameworks.
- Added server-side logic for the Multi-Cloud Orchestration Portal, including API endpoints for environment management and monitoring.
- Created scripts for resource import and usage validation across non-US regions.
- Added tests for CCIP error handling and integration to ensure robust functionality.
- Included various new files and directories for the orchestration portal and deployment scripts.
2025-12-12 14:57:48 -08:00

1.3 KiB
Raw Permalink Blame History

Network Policies Review

Overview

Network Policies have been created to restrict pod-to-pod communication in the besu-network namespace.

Policies Created

1. default-deny-all

  • Purpose: Default deny all traffic
  • Scope: All pods in namespace
  • Status: Created

2. allow-validator-internal

  • Purpose: Allow validators to communicate with sentries and other validators
  • Scope: Validator pods
  • Ports: 30303 (TCP/UDP), 9545 (TCP)
  • Status: Created

3. allow-sentry-p2p

  • Purpose: Allow sentries to accept P2P connections
  • Scope: Sentry pods
  • Ports: 30303 (TCP/UDP), 9545 (TCP)
  • Status: Created

4. allow-rpc-http

  • Purpose: Allow RPC nodes to receive HTTP traffic from gateway
  • Scope: RPC pods
  • Ports: 8545, 8546, 9545 (TCP)
  • Status: Created

5. allow-gateway-external

  • Purpose: Allow gateway to receive external traffic and forward to RPC nodes
  • Scope: Gateway pods
  • Ports: 80, 443 (TCP)
  • Status: Created

Validation

Run the validation script:

./scripts/validation/validate-network-policies.sh

Application

Apply Network Policies:

kubectl apply -f k8s/network-policies/default-deny.yaml

Testing

Test pod-to-pod communication restrictions to ensure policies are working correctly.

Reference in New Issue View Git Blame Copy Permalink